#903 disable DOCTYPE to fix XXE Vulnerability

2026-02-14 12:06:24 +08:00 · 2019-01-10 18:28:55 +08:00
parent d6923f2537
commit 8ec61d1328
4 changed files with 8 additions and 1 deletions
--- a/weixin-java-pay/src/test/java/com/github/binarywang/wxpay/bean/result/BaseWxPayResultTest.java
+++ b/weixin-java-pay/src/test/java/com/github/binarywang/wxpay/bean/result/BaseWxPayResultTest.java
@@ -75,7 +75,9 @@ public class BaseWxPayResultTest {
  @Test(expectedExceptions = {RuntimeException.class})
  public void testToMap_with_empty_xmlString() {
    WxPayOrderQueryResult result = new WxPayOrderQueryResult();
-    result.setXmlString(" ");
+    result.setXmlString( "<?xml version=\"1.0\" ?><!DOCTYPE doc " +
+      "[<!ENTITY win SYSTEM \"file:///C:/Users/user/Documents/testdata2.txt\">]" +
+      "><doc>&win;</doc>");
    Map<String, String> map = result.toMap();
    System.out.println(map);
  }